hwcryptohal: Service delegator fixes
Addressed several comments from aosp/3501822.
Bug: 393162614
Test: cf build/ manual test
Change-Id: I924d6fc860a3033aa1435e1680dfb9df5b32dc05
diff --git a/security/see/hwcrypto/aidl/vts/functional/lib.rs b/security/see/hwcrypto/aidl/vts/functional/lib.rs
index 81ae3fa..465dde7 100644
--- a/security/see/hwcrypto/aidl/vts/functional/lib.rs
+++ b/security/see/hwcrypto/aidl/vts/functional/lib.rs
@@ -17,61 +17,11 @@
//! VTS test library for HwCrypto functionality.
//! It provides the base clases necessaries to write HwCrypto VTS tests
-#[cfg(target_arch = "x86_64")]
-use anyhow::Context;
use anyhow::Result;
-#[cfg(target_arch = "x86_64")]
-use binder::{ExceptionCode, FromIBinder, IntoBinderResult, ParcelFileDescriptor};
-#[cfg(target_arch = "x86_64")]
-use rpcbinder::RpcSession;
-#[cfg(target_arch = "x86_64")]
-use vsock::VsockStream;
-#[cfg(target_arch = "x86_64")]
-use std::os::fd::{FromRawFd, IntoRawFd};
-#[cfg(target_arch = "x86_64")]
-use std::fs::File;
-#[cfg(target_arch = "x86_64")]
-use std::io::Read;
-#[cfg(target_arch = "x86_64")]
-use rustutils::system_properties;
-#[cfg(target_arch = "aarch64")]
use android_hardware_security_see_hwcrypto::aidl::android::hardware::security::see::hwcrypto::IHwCryptoKey::BpHwCryptoKey;
use android_hardware_security_see_hwcrypto::aidl::android::hardware::security::see::hwcrypto::IHwCryptoKey::IHwCryptoKey;
-#[cfg(target_arch = "x86_64")]
-const HWCRYPTO_SERVICE_PORT: u32 = 4;
-
-/// Local function to connect to service
-#[cfg(target_arch = "x86_64")]
-pub fn connect_service<T: FromIBinder + ?Sized>(
- cid: u32,
- port: u32,
-) -> Result<binder::Strong<T>, binder::StatusCode> {
- RpcSession::new().setup_preconnected_client(|| {
- let mut stream = VsockStream::connect_with_cid_port(cid, port).ok()?;
- let mut buffer = [0];
- let _ = stream.read(&mut buffer);
- // SAFETY: ownership is transferred from stream to f
- let f = unsafe { File::from_raw_fd(stream.into_raw_fd()) };
- Some(ParcelFileDescriptor::new(f).into_raw_fd())
- })
-}
-
-/// Get a HwCryptoKey binder service object using a direct vsock connection
-#[cfg(target_arch = "x86_64")]
-pub fn get_hwcryptokey() -> Result<binder::Strong<dyn IHwCryptoKey>, binder::Status> {
- let cid = system_properties::read("trusty.test_vm.vm_cid")
- .context("couldn't get vm cid")
- .or_binder_exception(ExceptionCode::ILLEGAL_STATE)?
- .ok_or(ExceptionCode::ILLEGAL_STATE)?
- .parse::<u32>()
- .context("couldn't parse vm cid")
- .or_binder_exception(ExceptionCode::ILLEGAL_ARGUMENT)?;
- Ok(connect_service(cid, HWCRYPTO_SERVICE_PORT)?)
-}
-
/// Get a HwCryptoKey binder service object using the service manager
-#[cfg(target_arch = "aarch64")]
pub fn get_hwcryptokey() -> Result<binder::Strong<dyn IHwCryptoKey>, binder::Status> {
let interface_name = <BpHwCryptoKey as IHwCryptoKey>::get_descriptor().to_owned() + "/default";
Ok(binder::get_interface(&interface_name)?)
diff --git a/security/see/hwcrypto/default/hwcryptokeyimpl.h b/security/see/hwcrypto/default/hwcryptokeyimpl.h
index 19be8b4..7d3ade7 100644
--- a/security/see/hwcrypto/default/hwcryptokeyimpl.h
+++ b/security/see/hwcrypto/default/hwcryptokeyimpl.h
@@ -46,30 +46,33 @@
ndk::ScopedAStatus deriveCurrentDicePolicyBoundKey(
const ndk_hwcrypto::IHwCryptoKey::DiceBoundDerivationKey& derivationKey,
- ndk_hwcrypto::IHwCryptoKey::DiceCurrentBoundKeyResult* aidl_return);
+ ndk_hwcrypto::IHwCryptoKey::DiceCurrentBoundKeyResult* aidl_return) override;
ndk::ScopedAStatus deriveDicePolicyBoundKey(
const ndk_hwcrypto::IHwCryptoKey::DiceBoundDerivationKey& derivationKey,
const ::std::vector<uint8_t>& dicePolicyForKeyVersion,
- ndk_hwcrypto::IHwCryptoKey::DiceBoundKeyResult* aidl_return);
+ ndk_hwcrypto::IHwCryptoKey::DiceBoundKeyResult* aidl_return) override;
ndk::ScopedAStatus deriveKey(const ndk_hwcrypto::IHwCryptoKey::DerivedKeyParameters& parameters,
- ndk_hwcrypto::IHwCryptoKey::DerivedKey* aidl_return);
+ ndk_hwcrypto::IHwCryptoKey::DerivedKey* aidl_return) override;
ndk::ScopedAStatus getHwCryptoOperations(
- std::shared_ptr<ndk_hwcrypto::IHwCryptoOperations>* aidl_return);
+ std::shared_ptr<ndk_hwcrypto::IHwCryptoOperations>* aidl_return) override;
- ndk::ScopedAStatus importClearKey(const ndk_hwcrypto::types::ExplicitKeyMaterial& keyMaterial,
- const ndk_hwcrypto::KeyPolicy& newKeyPolicy,
- std::shared_ptr<ndk_hwcrypto::IOpaqueKey>* aidl_return);
+ ndk::ScopedAStatus importClearKey(
+ const ndk_hwcrypto::types::ExplicitKeyMaterial& keyMaterial,
+ const ndk_hwcrypto::KeyPolicy& newKeyPolicy,
+ std::shared_ptr<ndk_hwcrypto::IOpaqueKey>* aidl_return) override;
- ndk::ScopedAStatus getCurrentDicePolicy(std::vector<uint8_t>* aidl_return);
+ ndk::ScopedAStatus getCurrentDicePolicy(std::vector<uint8_t>* aidl_return) override;
- ndk::ScopedAStatus keyTokenImport(const ndk_hwcrypto::types::OpaqueKeyToken& requestedKey,
- const ::std::vector<uint8_t>& sealingDicePolicy,
- std::shared_ptr<ndk_hwcrypto::IOpaqueKey>* aidl_return);
+ ndk::ScopedAStatus keyTokenImport(
+ const ndk_hwcrypto::types::OpaqueKeyToken& requestedKey,
+ const ::std::vector<uint8_t>& sealingDicePolicy,
+ std::shared_ptr<ndk_hwcrypto::IOpaqueKey>* aidl_return) override;
- ndk::ScopedAStatus getKeyslotData(ndk_hwcrypto::IHwCryptoKey::KeySlot slotId,
- std::shared_ptr<ndk_hwcrypto::IOpaqueKey>* aidl_return);
+ ndk::ScopedAStatus getKeyslotData(
+ ndk_hwcrypto::IHwCryptoKey::KeySlot slotId,
+ std::shared_ptr<ndk_hwcrypto::IOpaqueKey>* aidl_return) override;
};
template <typename LHP, typename RHP>
@@ -79,9 +82,10 @@
policy.keyLifetime = static_cast<decltype(policy.keyLifetime)>(policyToConvert.keyLifetime);
policy.keyType = static_cast<decltype(policy.keyType)>(policyToConvert.keyType);
policy.keyManagementKey = policyToConvert.keyManagementKey;
+ policy.keyPermissions.reserve(policyToConvert.keyPermissions.size());
for (auto permission : policyToConvert.keyPermissions) {
policy.keyPermissions.push_back(
- std::move(reinterpret_cast<decltype(policy.keyPermissions[0])>(permission)));
+ std::move(static_cast<decltype(policy.keyPermissions)::value_type>(permission)));
}
return policy;
}